Lucene search
K

9 matches found

NVD
NVD
added 2025/08/28 1:15 p.m.5 views

CVE-2025-49387

Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through =...

10CVSS0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.15 views

CVE-2025-47492

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Path Traversal.This issue affects Drag and Drop File Upload for Elementor Forms: from n/a...

8.6CVSS7.2AI score0.01212EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 1:15 p.m.5 views

CVE-2025-47492

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms drag-and-drop-file-upload-for-elementor-forms allows Path Traversal.This issue affects Drag and Drop File Upload for Elementor Forms: from n/a...

8.6CVSS0.01212EPSS
Exploits0References1
CVE
CVE
added 2025/05/23 12:43 p.m.52 views

CVE-2025-47492

CVE-2025-47492 is a path traversal vulnerability in the WordPress plugin Drag and Drop File Upload for Elementor Forms (versions up to 1.4.3). The root cause is improper limitation of a pathname to a restricted directory, enabling traversal to files outside the intended directory. Impact per sour...

8.6CVSS7.2AI score0.01212EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.3 views

Tenable Network Monitor 安全漏洞

Tenable Network Monitor is an open source system vulnerability scanner developed by Tenable Holdings, Inc. in the United States, mainly used for security assessment of network devices. Tenable Network Monitor suffers from an elevation of privilege vulnerability that originates from a...

7.8CVSS7.3AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:0 p.m.7 views

CVE-2022-34483

An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from...

8.8CVSS5.8AI score0.00721EPSS
Exploits0References1
Veracode
Veracode
added 2025/03/05 4:1 a.m.7 views

DOM-based Cross-site Scripting (XSS)

copyparty is vulnerable to DOM-based cross-site scripting. The vulnerability is due to improper handling of maliciously named files during drag-and-drop actions in the Web UI, allowing arbitrary JavaScript execution...

6.1CVSS6.7AI score0.00426EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/01/31 11:15 p.m.11 views

CVE-2025-24891

Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject...

9.6CVSS0.00619EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.12 views

PT-2024-27354 · WordPress · Drag/Drop Multiple File Upload – Contact Form 7

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress versions up to, and including, 1.3.7.7 Description: The issue allows unauthenticated attackers to extract sensitive data uploaded via the plugin through a form. This is...

7.5CVSS6.6AI score0.0065EPSS
Exploits0References6
Rows per page
Query Builder